ext/sodium: pwhash: do not warn on low parameters

but raise an explicit error if these are too low
php · Nov 28, 2017 · c219991 · nikic · Nov 28, 2017 · c219991
1 parent 391d889
commit c219991
Showing 1 changed file with 36 additions and 23 deletions.
diff --git a/ext/sodium/libsodium.c b/ext/sodium/libsodium.c
@@ -233,6 +233,19 @@ ZEND_END_ARG_INFO()
 # undef crypto_secretstream_xchacha20poly1305_ABYTES
 #endif
 
+#ifndef crypto_pwhash_OPSLIMIT_MIN
+# define crypto_pwhash_OPSLIMIT_MIN crypto_pwhash_OPSLIMIT_INTERACTIVE
+#endif
+#ifndef crypto_pwhash_MEMLIMIT_MIN
+# define crypto_pwhash_MEMLIMIT_MIN crypto_pwhash_MEMLIMIT_INTERACTIVE
+#endif
+#ifndef crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN
+# define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE
+#endif
+#ifndef crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN
+# define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE
+#endif
+
 const zend_function_entry sodium_functions[] = {
 	PHP_FE(sodium_crypto_aead_aes256gcm_is_available, AI_None)
 #ifdef HAVE_AESGCM
@@ -1839,12 +1852,12 @@ PHP_FUNCTION(sodium_crypto_pwhash)
 		zend_throw_exception(sodium_exception_ce, "salt should be SODIUM_CRYPTO_PWHASH_SALTBYTES bytes", 0);
 		return;
 	}
-	if (opslimit < crypto_pwhash_OPSLIMIT_INTERACTIVE) {
-		zend_error(E_WARNING,
-				   "number of operations for the password hashing function is low");
+	if (opslimit < crypto_pwhash_OPSLIMIT_MIN) {
+		zend_error(E_ERROR,
+				   "number of operations for the password hashing function is too low");
 	}
-	if (memlimit < crypto_pwhash_MEMLIMIT_INTERACTIVE) {
-		zend_error(E_WARNING, "maximum memory for the password hashing function is low");
+	if (memlimit < crypto_pwhash_MEMLIMIT_MIN) {
+		zend_error(E_ERROR, "maximum memory for the password hashing function is too low");
 	}
 	hash = zend_string_alloc((size_t) hash_len, 0);
 	ret = -1;
@@ -1902,13 +1915,13 @@ PHP_FUNCTION(sodium_crypto_pwhash_str)
 	if (passwd_len <= 0) {
 		zend_error(E_WARNING, "empty password");
 	}
-	if (opslimit < crypto_pwhash_OPSLIMIT_INTERACTIVE) {
-		zend_error(E_WARNING,
-				   "number of operations for the password hashing function is low");
+	if (opslimit < crypto_pwhash_OPSLIMIT_MIN) {
+		zend_error(E_ERROR,
+				   "number of operations for the password hashing function is too low");
 	}
-	if (memlimit < crypto_pwhash_MEMLIMIT_INTERACTIVE) {
-		zend_error(E_WARNING,
-				   "maximum memory for the password hashing function is low");
+	if (memlimit < crypto_pwhash_MEMLIMIT_MIN) {
+		zend_error(E_ERROR,
+				   "maximum memory for the password hashing function is too low");
 	}
 	hash_str = zend_string_alloc(crypto_pwhash_STRBYTES - 1, 0);
 	if (crypto_pwhash_str
@@ -2016,13 +2029,13 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256)
 				   0);
 		return;
 	}
-	if (opslimit < crypto_pwhash_scryptsalsa208sha256_opslimit_interactive()) {
-		zend_error(E_WARNING,
-				   "number of operations for the scrypt function is low");
+	if (opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE) {
+		zend_error(E_ERROR,
+				   "number of operations for the scrypt function is too low");
 	}
-	if (memlimit < crypto_pwhash_scryptsalsa208sha256_memlimit_interactive()) {
-		zend_error(E_WARNING,
-				   "maximum memory for the scrypt function is low");
+	if (memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) {
+		zend_error(E_ERROR,
+				   "maximum memory for the scrypt function is too low");
 	}
 	hash = zend_string_alloc((size_t) hash_len, 0);
 	if (crypto_pwhash_scryptsalsa208sha256
@@ -2063,13 +2076,13 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str)
 	if (passwd_len <= 0) {
 		zend_error(E_WARNING, "empty password");
 	}
-	if (opslimit < crypto_pwhash_scryptsalsa208sha256_opslimit_interactive()) {
-		zend_error(E_WARNING,
-				   "number of operations for the scrypt function is low");
+	if (opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE) {
+		zend_error(E_ERROR,
+				   "number of operations for the scrypt function is too low");
 	}
-	if (memlimit < crypto_pwhash_scryptsalsa208sha256_memlimit_interactive()) {
-		zend_error(E_WARNING,
-				   "maximum memory for the scrypt function is low");
+	if (memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) {
+		zend_error(E_ERROR,
+				   "maximum memory for the scrypt function is too low");
 	}
 	hash_str = zend_string_alloc
 		(crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1, 0);